There are some entries.
After 3m 35 sec the entries will be deleted.
When there are too many entries I stop the "refreshing mode" but for less entries I will pick up the information of the entries and often 3m 35sec are too low to analyse the log entries.
There is no dedicated banIP log - it puts messages into syslog.
OpenWRT has two main logs: kernel and syslog. By default syslog is held in RAM and is a ring buffer of a fixed size with the oldest entries getting overwritten as new ones come in. The log is usually viewed from Status -> System log. Some settings are available at System -> System -> Logging tab. One is the size. Increase it to keep more messages around before they get overwritten. Some packages let you configure how much and how detailed the log entries they produce are. Adjusting them to not put so much in the log will increase the time before old log entries are overwritten.
Checked it and this is not the reason for the speed drop. I've just tried another VPN provider and there are no drops. Looks like the other VPN provider implemented speed filtering so not many consecutive tests can be run in a row.
I went back and skimmed over the readme file (searched for words 'save', 'apply', 'restart') and couldn't find the reference you've mentioned.
I really like the plugin and I am extremely grateful for the work invested in it. I need to ask, for my own reference, is it really beneficial/justified to change the general "control flow" of luci for banip? We will have one plugin behaving completely in a custom way compared to everything else in luci (it might be that there are other plugins implementing these custom controls that I'm not aware of).
Could someone please confirm how banip works in the following scenario?
I tried to understand this on my own, and have found some mentions about it from an earlier period of banip development, but I simply am not sure I understand completely.
So, let's imagine I block one whole country in banip, China for example.
My intention is to prevent excessive IP scans that I get every day on the static IP that's assigned to my home internet connection.
Would I still be able to connect to Aliexpress, Temu, etc. (China-based sites)? Is that what the option "Automatically add resolved domains and uplink IPs to the local banIP allowlist." means under "Overview->Feed Selection->Local Feed Settings"?
I remember there were some iptables rules that essentially said: allow any incoming wan connection that is a response to a request that originated from the lan. Reject everything else from wan.
Is this how it works or, if not, is it even possible to achieve something like that?
By default, BanIP will have a higher priority than your standard firewall rules. Additionally, if you have Country (geo) blocks, outbound traffic would also automatically be blocked from your LAN FWD. To exempt certain sites for which IPs are part of a block list, you would need to whitelist them (FQDNs or IPs) individually in your Allowlist. Note that some sites may use resources called upon from secondary FQDNs / IPs (e.g. www.example.com / customer.example.com, or third-party external pages / APIs etc.).
What I mean by that is you may find that while you are able to connect to a site, some components are missing or not functional. It may be necessary for you to turn on verbose logging of LAN FWD in BanIP so you can see in real time what else is being blocked as you access and test the initial whitelisted site.
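To work through logged drops before the ring buffer overwrites them, or to see which destinations LAN forward logging reports while testing an allowlisted site, the lines can be summarised per set and address. This is an added example, not part of the original posts or of banIP; the `banIP/<chain>/<action>/<set>:` log prefix, the chain names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes banIP log lines look like
#   ... banIP/<chain>/<action>/<set>: IN=... SRC=... DST=... DPT=...
# i.e. an assumed prefix followed by the standard netfilter log fields.

# Constructed sample input; on the router use `logread -e banIP` instead.
sample_log() {
cat <<'EOF'
Mon Jan  1 10:00:01 2024 kern.warn kernel: [100.1] banIP/inp-wan/drop/countryv4: IN=wan OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mon Jan  1 10:00:02 2024 kern.warn kernel: [101.4] banIP/inp-wan/drop/countryv4: IN=wan OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Mon Jan  1 10:00:05 2024 kern.warn kernel: [104.9] banIP/inp-wan/drop/asnv4: IN=wan OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=443
Mon Jan  1 10:00:09 2024 kern.warn kernel: [108.2] banIP/inp-wan/drop/countryv4: IN=wan OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=8080
Mon Jan  1 10:00:12 2024 kern.warn kernel: [111.0] banIP/fwd-lan/reject/countryv4: IN=br-lan OUT=wan SRC=192.168.1.20 DST=203.0.113.50 PROTO=TCP DPT=443
Mon Jan  1 10:00:13 2024 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
EOF
}

# summarise_drops [SRC|DST]
# Reads log lines on stdin and prints "<count> <set> <address>",
# most frequent first. Lines without the banIP prefix are ignored.
summarise_drops() {
    awk -v key="${1:-SRC}=" '
    /banIP\// {
        set = ""; addr = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^banIP\//) {
                n = split($i, p, "/")      # last path element is the set name
                set = p[n]; sub(/:$/, "", set)
            } else if (index($i, key) == 1) {
                addr = substr($i, length(key) + 1)
            }
        }
        if (set != "" && addr != "") count[set " " addr]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Inbound view: which sources were dropped, and by which set.
sample_log | summarise_drops SRC
# LAN forward view: which destinations LAN clients were refused.
sample_log | grep 'fwd-lan' | summarise_drops DST
```

On the router, `logread -e banIP | summarise_drops` gives the same view of the live buffer, and `logread -f -e banIP >> <file>` keeps a copy of matching lines beyond the ring buffer's lifetime.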
Sorry but I have to come back with the same issue:
2 cases:
1.) Standard connection wan - DSL - the filters set in banip take effect - everything fine!
2.) Failover with DSL (wan) and 5G (WAN_5G) - I removed the filters from the allowlist (set via case 1), deleted the tmp directory, cleared the browser cache and still I can access the banned URLs
Where is my configuration error?
config banip 'global'
	option ban_enabled '1'
	option ban_debug '1'
	option ban_autodetect '1'
	list ban_logterm 'Exit before auth from'
	list ban_logterm 'luci: failed login'
	option ban_fetchretry '5'
	option ban_nicelimit '0'
	option ban_filelimit '1024'
	option ban_deduplicate '1'
	option ban_nftpriority '-100'
	option ban_icmplimit '10'
	option ban_synlimit '10'
	option ban_udplimit '100'
	option ban_nftpolicy 'memory'
	option ban_blocktype 'drop'
	option ban_nftloglevel 'warn'
	option ban_logprerouting '0'
	option ban_loginput '1'
	option ban_logforwardwan '1'
	option ban_logforwardlan '1'
	option ban_loglimit '100'
	list ban_region 'AFRINIC'
	list ban_region 'APNIC'
	list ban_region 'ARIN'
	list ban_region 'LACNIC'
	list ban_region 'RIPE'
	option ban_autoallowlist '1'
	option ban_autoallowuplink 'subnet'
	option ban_autoblocklist '1'
	option ban_allowlistonly '0'
	option ban_fetchcmd 'uclient-fetch'
	option ban_protov4 '1'
	list ban_ifv4 'WAN2_5G'
	list ban_ifv4 'wan'
	list ban_dev 'lan1'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/ca-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/fi-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/fr-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/de-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/ie-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/nl-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/no-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/pl-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/se-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/ch-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/gb-aggregated.zone'
	list ban_allowurl 'https://www.ipdeny.com/ipblocks/data/aggregated/us-aggregated.zone'
	list ban_feed 'asn'
	list ban_feed 'country'
	list ban_trigger 'wan'
	list ban_trigger 'WAN2_5G'
	list ban_asn '133478'
	list ban_asn '45090'
I noticed that it just increases continuously. I generate a report daily to see the banip stats for the purpose of seeing new stats since the last time it was generated.
Currently I use banip to block DoH because I figured even when I changed the settings on Chromium browsers to follow system DNS, if I would test it to 8.8.8.8 it would still use DoH even if I had set it off in Windows; this caused a lot of issues when I was testing why my DNS hijacking failed.
Now everything works fine on my LAN, but on my wireless I kind of use an unusual setup.
On my wireless segment network wlan0, all traffic is blocked except to a wifivpn instance, which is a local WireGuard server; this I then pre-route with Stangri's pbr to wgclient.
So my traffic originates like:
wlan0 -> wifivpn -> wgclient and wgclient over wan.
When I set 8.8.8.8 DNS on my WireGuard Android app I still see my DNS is leaking and it goes over DoH; when I enable my own traffic rule to directly block 8.8.8.8 on 443 the hijacking works again.
Could it be that my wifivpn isn't picked up correctly because it is a tunnel?
I think I was mistaken; it seems I moved my rules for blocking DoH and they were always active, and the actual rules I used to test were for DoT, so naturally it makes sense banip doesn't work on those.